What does your ISP know about you and why should you care?
As the virtual mailman of the Internet, your Internet service provider (ISP) knows the addresses on everything sent and received by your computer.
Depending on where you live and the specific rules of your ISP, they could know a lot, lot more. In fact, they are even being positioned as the new ‘bouncers’ of the Internet, enforcing the rules on what content you can look at.
Just imagine the Internet as a global postal service. Your ISP has the role of the local mailman – making sure you get your incoming mail, then sorting and sifting what you put in the mailbox so it can successfully arrive at its destination.
To do so, the ISP has your Internet Protocol address (better known as the IP address) and the IP address of whomever you have been exchanging packets of data with. This permits each device using the Internet to be identified and located and is the bare minimum of your information which the ISP requires to play mailman.
But, there is more. ISPs can pair IP address data with a time stamp of when and for how long the specific computer was online. They also may keep track of the volume of packets sent out and received by your computer.
Think of each packet as a registered letter in the hands of a postal clerk: The ISP knows the sender, the recipient, and number of letters mailed. It is all theoretically autonomous because the ISP tracks activity by the specific IP address of each device in their network – not the person behind the machine.
But, since the ISP also knows each subscriber and the IP addresses of their computers, it’s not so difficult to connect the dots.
Just a question of time for your data
Yes, since ISPs already have data on your Internet activities, the question is for how long they should keep it. The time varies by individual company and by country. In the EU, the Data Retention Directive requires telecom companies to keep data logs for up to two years. This includes data on the source, destination, date, time, and equipment used for emails, phone calls and text messages. The European Commission has concluded that “retained telecommunications data play an important role in the protection of the public”.
This has raised the hackles of a few member countries, most notably Germany, who consider it an invasion of privacy. Not only did the German Constitutional Court throw out the law, the Germans also have not implemented a reasonable substitute, at least according to the EC. Last May, the EC even asked the European Court of Justice to levy a daily fine of € 315,036.54 (almost $428,000) on Germany for not falling in line. Stay tuned for more details.
The transformation into a bouncer
In the United States, the friendly ISP is about to be transformed into a bouncer, thanks to the new Center for Copyright Information, a group made up of the Motion Picture Association of America (MPAA), the Recording Industry Association of America (RIAA) and five of the biggest ISPs: AT&T, Cablevision, Comcast, Time Warner Cable and Verizon. The Center’s goal is to cut the rate of Internet piracy and do it in a more organized fashion than happened with the scattered litigation used previously.
The Center will “sniff” the Internet for packets of copyrighted materials and the IP addresses of the sender (visible on open P2P file-sharing networks). Then they will tell the ISP that they have noticed some potentially illegal activity from one of their IP addresses. This sets off a six-strike set of warnings from the ISP to the IP address which could culminate in the subscriber losing his or her Internet connection.
While this is a kinder,gentler approach than the French “Three strikes and you’re out” policy against Internet piracy, it has some people worried. Douglas Rushkoff, a media theorist and CNN columnist, thinks the Center will put ISPs in a new role of monitoring content as well as punishing offenders, removing subscribers’ fast dwindling expectations of privacy from their ISP.
Just do it in a tunnel
Since your ISP already knows the IP addresses – and is poised to know even more – is it worth fighting for your privacy? Many will argue, Yes. One way to cut the information available to your ISP is to use a virtual private network (VPN) such as Hotspot Shield.
With Hotspot Shield Free VPN turned on, the ISP can only see that you are communicating with an Hotspot Shield proxy server – not the IP assigned to you by Hotspot Shield or those you are communicating with. The ISP can only see the volume of encrypted data flowing to and from your computer – without the ability to read it or identify the type of data being sent. This is, afterall, not such a revolutionary idea. In the analog world, reliable mailmen can be trusted to just deliver the mail, not read it.